Avast WEBforum
Other => Viruses and worms => Topic started by: hostep on December 15, 2008, 12:03:09 PM
-
Hi
I just got a warning from avast, it detected a rootkit in the ils.dll file in the windows\system32 folder. (Windows XP SP3)
This happened on 2 of my computers at almost the same time.
This makes me think that this is a false positive?
-
Looks like a FP:
http://forum.avast.com/index.php?topic=40975.0
-
I got the same warning.
Could somebody confirms this is an FP or not?
Thx.
-
I got the same warning.
Could somebody confirms this is an FP or not?
Thx.
I just received a VPS database update and scanned ils.dll and did not get an alert.
-
today dec. 15th, I've received a warning from AVAST about the c:\windows\system32\ils.dll. here 2 computers using XP got this warning..
I guess a false positive warning...
I suggest you guys send a mail to avast tem, they can give us an answer...
-
Yup, same warning here. Think I'll cancel the full scan running on that system and get to work, and hope for
"official" notice this is a fp.
-
I also received the same message...
Avast! popped up saying it had found a suspicious file, and that it was detected using heuristic methods. It was actually quite scary for me, as I go to great lengths to keep my computer safe from malware, and I don't think malware has ever actually been found on my computer in over a year lol.
I'm just going to assume that this is a false positive for now.
-
Precisely the same thing here too, Avast says it detected ils.dll as a rootkit using a heuristic method.
Trend micro rootkit finder says nothing, and the boot time scan also finds nothing, so im guessing false positive.
-
i got the same warning twice :S
so what is this than??
-
Same here. The database updated and shortly after that the warning appeared. Then found this thread on google.
-
me too. also on 2 computers ???
i run boot scan and zero infected files were found. I also scan ils.dll file alone and it's ok. few minutes after system restart message appeared again! ???
could you tell me if it's something dangerous and what is false positive?
thanks!
-
I'm getting the same thing. Virus Total says ils.dll is clean. Looking at the file's "properties", it looks like it's part of Microsoft's NetMeeting software.
-
Hi guys!
I have the same MSG about ils.dll.
Thanks!
-
Yep me too.
Thanks for this thread ;D
-
Same here when I started up the computer a few hours ago.
Rebooted computer and scanned. No viruses found.
-
Same here... I'm sure it's a false positive. I clicked on Ignore and everything is fine... except that the message pops up every time I scan my computer.
(http://www.shrani.si/f/3i/10G/ShYBYcw/ils.jpg)
I hope Avast team will remove this FP in the new update.
-
I 'v just also got a warning from avast , it detected a virus in the ils.dll file in the windows\system32 folder. Type : Rootkit
This happened on 2 of my computers (laptop and other) at almost the same time in this morrning (December 15 th, 2008)
This problem seems to be encountered by many people all around the world and in the same time :-\. It a very strange warning message, not usual ???.
J.
Belgium
-
The fixed VPS was already released - please invoke a VPS update.
-
Thank you guys for the info. Saved me deleting a file that didn't need deleting.
-
Same problem on my pc and pc's of two friends
-
Same problem on my pc and pc's of two friends
Update your virus database...
I have the problem here also. Seems that all XP SP3 is affected...
-
Hi, the simple way to solve theis problem is
1. ignore (only in this case)
2. to update vps database (download or click on update with mouse)
3. reboot with scan
4. seems okay
5. later ... use for security a rootkit analyse tool like rootkit revealer or other tools
-
This take effect not only on XPSp3
nor W2K Sp4, actual updates in use
-
The same just happened to me, I did a boot scan now nothing showing up, also used Acronis to take me back to a previous good build.
-
GOT SAME THING TOO
-
Hi folks,
If this is the file:
General dll file information
File Name: ils.dll
File Size in bytes: 81920
File Size in kbytes: 80KB
Advanced dll file information
Company Name: Microsoft Corporation
Software Product Name: Windows® NetMeeting®
File version: 5.1.2600.2180
Description: User Location Services Component Module
Operating System: NT-Win32
File Type: App
It is a FP, and then can be ignored. There are reports in from other forums too.
Should be corrected next time round, or already has with the most recent update,
polonus
-
GOT SAME THING TOO
Don't need to post twice the same.
This is corrected in the last virus database, please, update it.
-
I just had the same this morning!
After scanning it comes back again!
???
-
I got the same message this morning and went to have a look at the file:
it says it was created on 25/04/2008 and was modified on 14/04/2008 - not sure how it is possible to modify something before it's created - but in any case, looks like it's been there for a while and I haven't noticed anything suspicious yet.
-
I just had the same this morning!
After scanning it comes back again!
???
Is your avast updated?
-
I had the same issue with the ils.dll reporting in AVAST today. I deleted, sent the file to AVAST and ran a scheduled bootscan. Nothing bad found in that one.
At reboot I check for the ils.dll file in system32 and it's still there. Scan that one with AVAST and nothing comes up.
Okay, so what's the story??? Do we leave this file alone? Is it legit? Someone posted that it's bad, sending unauthorized messages in Messenger. I have blocked Messenger in ZoneAlarm and get no report from ZoneAlarm that this file is trying to access Messenger.
Some other people said that it's a false positive.
Now, what are we doing? Does it have to go or can it stay? Is it good or is it bad? Can we get a clear cut answer on this from someone who is into this and can substantiate their claim as well, possibly with links?
I'd like to know a 100% if I am safe or not.
Thnxs!
-
I had the same message today, and ignored it.
It is a false positive indeed. That means, it has no virus at all.
The file belongs to the NetMeeting product which is part of Windows.
If you don't use NetMeeting, it doesn't matter if you kill the file. But you can keep it anyway, the ALWIL team fixed their virus database so this file isn't reported malicious in the future.
Simply update your virus database and this problem is gone....
They are doing a really good job at ALWIL. :)
-
Ensure that you have the latest VPS update, 081215-1, which has corrected this detection.
-
Same here following on from issues yesterday. I'm working with a few different computers and working updates with Windows. Im currently posting from what will be the primary port of my intended SOHO network. At the moment I can shift amongst the PCs with removable wireless plug using each as a standalone. Ran boot time scan on this PC after receiving ils.dll message during an intial scan. Then GUI mode scan next and nothing suspect comes up subsequent to initial ils.dll message. Im stepping back a bit now. I think juggling the computers and Windows and antivirus is not going to help if there is current virus threat, so need to reset my base...
-
I had the same message today, and ignored it.
It is a false positive indeed. That means, it has no virus at all.
The file belongs to the NetMeeting product which is part of Windows.
If you don't use NetMeeting, it doesn't matter if you kill the file. But you can keep it anyway, the ALWIL team fixed their virus database so this file isn't reported malicious in the future.
Simply update your virus database and this problem is gone....
They are doing a really good job at ALWIL. :)
Okay, so it's safe and it can stay. We say it's a false positive. Don't get the report of a virus anymore and have the latest VPS update file so I assume it's all good now.
Anyhow ALWIL do me a favor and don't repeat scaring the sh.. out of me will ya... :o
Ta...
-
Not quite a fp. Why does microlimp need to run 'chat' software as a hidden system service? Avast is correct to show this as a warning: The OS is behaving like a virus.
-
I think not quite so black and white. But I've messed a bit by adding my own changes after good advice "if it aint broke dont fix it". I can system restore if I want but I might play it out as I will reload the OS anyway. I've reset the security as it was for now and backed up data to removable drive. And I still have another freshly loaded PC with same issue which I havent made it back to as yet (since before I started on the webforum). Watching with interest.
-
Why does microlimp need to run 'chat' software as a hidden system service?
From which application is this dll?
-
hi i've already updated my VPS but i still get the warning from a fresh boot. should i just choose to ignore the file?
or the update should've fix it? but why am i still getting the warning?
-
hi i've already updated my VPS but i still get the warning from a fresh boot. should i just choose to ignore the file?
Sure, ignore that file, right now a false positive.
Other users are experiencing the same and the update seems not to work ???
Until there, as a workaround, disable rootkit scanning in the Trobleshooting tab of program settings.
-
but in "about avast" it shows my file version is 081215-0 and in update it says already updated to 081215-1.
is it the same to you guys?
-
but in "about avast" it shows my file version is 081215-0 and in update it says already updated to 081215-1.
is it the same to you guys?
I have only -1 update both while updating (report) and the about dialog...
Try again? Boot? ???
-
its -1 now did a repair on the uninstaller ;D
-
***
Information about this dll ...
http://www.filename.info/f/ils.dll.html
http://www.bang.ro/ils_dll.htm
***
-
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9123758
-
Hi y'all. Posting back here as no longer any new issue to deal with. Seems hole in IE7 after major update 9 Dec through to Microsoft resolve Dec 17 led to incursion of exploits as I was loading web updates to operating systems. But no malware infections. Problem sorted through standard procedures. PC tune-up and protect. Things quiet since. Also, other PC with freshly loaded xp and Dcom exploit alerts fell back into normal Avast protection mode. Now updating per norm. Thorough scan today, clean system.
On weekend, did repair job for client seeming with same IE7 problem but malware infection due to messy PC. Righted PC and no problems since / as yet. Put issue down as IE7 vulnerability now resolved. Moving on. Until next time.